
Hack any Computer Over Wi-Fi with the WiFi Duck Payload Deliverer

The USB Rubber Ducky is a well-known hacking tool in the cyber security industry, but it needs to be programmed before it can be used. That means it is not easy to issue commands to the target computer, because you cannot interact with it from a distance once it is plugged in. And if you do not know what the target computer is, you may come up empty. This is where the WiFi Duck comes in handy.

WiFi Duck is a project developed by Stefan Kremser, also known as Spacehuhn. With it, you can plug the WiFi Duck into a target computer for just a minute, then connect to it over Wi-Fi from another device to deliver any prepared payload before unplugging it.

The advantage is that you can connect to a web interface, save your scripts, and run them one by one, or write code on the fly to produce results on a computer that you could not have planned before knowing what the computer is. For example, if you do not know what software it runs, or if there were details you could not account for before you saw the target computer.

To use the WiFi Duck, you need to be able to communicate with it via Wi-Fi. So you can connect it to your computer and preload it with several different Ducky Script payloads. You can then plug it into a target device in the real world, connect to its network from your smartphone, and run the scripts you saved or write new ones in real time.


Parts Required

If you don't want to make your own, there are boards preflashed with the WiFi Duck software, which you can buy on AliExpress, DSTIKE, or Tindie for $27 plus shipping, which can run $6 or more depending on your location. They ship from China, which may not be convenient if you live in the U.S. For immediate delivery, you can get the DSTIKE WiFi Duck on Amazon for $39.99 with free shipping.

  • Shop at Amazon: DSTIKE USB Duck USB Keyboard (The Item is Not Available in India)

For the build-your-own version, the WiFi Duck can be built using a few microcontrollers. First, you will need an ATmega32U4-based board like the Arduino Leonardo or Pro Micro. This will be the board that acts as the USB keyboard. We've used the Pro Micro listed below because the Leonardo board is bigger, and portability is a hacker's great friend.

The next microcontroller needs to be either an ESP8266 or ESP8285, such as the NodeMCU or D1 Mini. This is the board that serves as the Wi-Fi access point. Designed for wearables, the ESP8285 is a smaller version of the ESP8266 with less flash memory. Again, we wanted something compact, so we went with one of the D1 Minis below.

Additionally, you'll need a breadboard, jumper cables, and a Micro-USB cable if you don't have one. Make sure the Micro-USB cable supports both charging and data transfer. It's hard to tell by looking, but some of your older cables may be charge-only, and you'll find out later if the MCUs above don't show up as a port. You can also optionally use a NeoPixel (WS2812b) or DotStar (APA102) LED.

If you would like to join the two microcontrollers permanently, you can use one of these printed circuit board designs to make your own PCB and assemble the two components on it.

Software Required

To flash the code onto the two microcontrollers, you'll need the Arduino IDE, which works on Linux, macOS, and Windows, so be sure to install it if you don't have it. Additionally, you will need an up-to-date version of Python 3 on your system, because the code we will flash to the ESP8266 will not upload properly without it.

We do not recommend installing any drivers up front, because you may not need them. But if you later have problems connecting to your boards and know that the Micro-USB cable is not the cause, try installing the CP210x USB to UART Bridge VCP driver and/or the CH340 driver. Hopefully, one or both will do the trick.

Step 1: Connect the Wi-Fi Duck

To connect the ESP8266 to the ATmega32U4, we will be working with a breadboard and jumper cables. Place each MCU on the breadboard, then use the jumper wires to make the following pin connections.

  • D1 or GPIO 5 (ESP8266) to 3 or SCL (ATmega32U4)
  • D2 or GPIO 4 (ESP8266) to 2 or SDA (ATmega32U4)
  • GND (ESP8266) to GND (ATmega32U4)
  • 5V (ESP8266) to RAW (ATmega32U4)

If you have a NeoPixel LED, also make these connections:

  • VCC (NeoPixel) to VCC (ATmega32U4)
  • GND (NeoPixel) to GND (ATmega32U4)
  • DI (NeoPixel) to 7 (ATmega32U4)

Without an LED, it should look like this:



If your boards have DIP switches on them, be sure to check out our Cyber Weapons Lab video at about 7:14 to learn what switch settings to use.

Step 2: Configure Arduino IDE

Next, we need to configure the Arduino IDE to work with both boards. Go to "Arduino" in the menu, then "Preferences." In the "Additional Boards Manager URLs" box, add the following two URLs, then click "OK."



Now, go to "Tools" in the menu, hover over "Board," and select "Boards Manager." Search for "wifi duck," and install both WiFi Duck AVR Board and WiFi Duck ESP8266 Boards. If you already have them, make sure they are up to date. Click "Close" when done.



Step 3: Download WiFi Duck Repo

To get the code for both the ESP8266 and the ATmega32U4, download the WiFi Duck repository as a zip file from GitHub. You can find it at the following link. Then unzip it on your computer.


github.com/spacehuhn/wifiduck



Step 4: Flash Code to the ATmega32u4

From the repo you just downloaded, go to the atmega_duck folder, and open the atmega_duck.ino file in the Arduino IDE. No code changes are required. With the Arduino IDE open, go to "Tools" in the menu, hover over "Board," then "WiFi Duck AVR," and select the board you have.



Connect the ATmega32u4 board to your computer via your Micro-USB cable, then select its port in the "Port" option in the "Tools" menu. If you do not see a serial port for your board, the first thing you should do is make sure you are using the correct Micro-USB cable. I had about five cables, and only one of them ended up working for data transfer.



When you're done, click the "Upload" button in the sketch window to flash the program onto the board. After that, just wait for the code to finish flashing; you will see a notification at the bottom of the window.



Step 5: Flash Code to the ESP8266

Now it is time to flash the code onto your ESP8266. From the repo, go to the esp_duck folder, and open the esp_duck.ino file in the Arduino IDE. No code changes are required. With it open in the Arduino IDE, go to "Tools" in the menu, hover over "Board," then "WiFi Duck ESP8266," and select the board you have.



After disconnecting the ATmega32U4, connect the ESP8266 board to your computer via your Micro-USB cable, and select its port in the "Port" option in the "Tools" menu. Again, if you do not see a serial port for your board, check that you are using the correct Micro-USB cable.



When you're done, click the "Upload" button in the sketch window to flash the program onto the board. After that, just wait for the code to finish flashing; you will see a notification at the bottom of the window.



Step 6: Connect and Launch Your First Script

When everything is flashed, disconnect the ESP8266 from your computer, and plug in the ATmega32U4 by swapping the Micro-USB cable back. On your computer, change your Wi-Fi connection to the network called "wifiduck" and use "wifiduck" as the password.


You will not have internet access, but you will be connected to your WiFi Duck setup. And if your target computer is the same as your own, you can create your payloads and try them on your computer to make sure they work.

Once on the correct network, open a browser and visit 192.168.4.1. This interface lets you do things like control the device, save scripts, and more. To change the Wi-Fi network name, click on "Settings," and change the SSID and password.

Now, you can go back to the main menu to compose, save, and run Ducky Script payloads. There are example scripts you can play with and a reference of all the available commands to help you write your own payload. To do something really simple, in the editor, try "GUI SPACE" when you're on a Mac. If you run this script, Spotlight Search should appear.



To expand on that, you can add "STRING null-byte.com" so that "null-byte.com" will appear in the Spotlight search box.



To open a Terminal window, change the string to "terminal" and add "ENTER." Then, add "DELAY 2000" so you can follow it with something like "STRING whoami." That will type whoami into the Terminal window. You can add another delay and "ENTER" to actually run the command.
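Before running a saved script on a machine, it helps to see exactly what it will press, type and submit. The following is an added example, not code from the WiFi Duck project: a small static reviewer for the four commands used in this section (GUI, STRING, DELAY, ENTER). The names `review_script` and `Review` are hypothetical, and the second DELAY value in the sample is an assumption.

```python
# Added example: static review of a Ducky Script payload before it is run.
# Only the four commands used on this page are interpreted; anything else
# is reported for manual review rather than guessed at.
from dataclasses import dataclass, field

@dataclass
class Review:
    combos: list = field(default_factory=list)     # key combinations, e.g. "GUI SPACE"
    submitted: list = field(default_factory=list)  # text typed and then confirmed with ENTER
    pending: str = ""                              # text typed but never followed by ENTER
    delay_ms: int = 0                              # total time spent in DELAY
    unknown: list = field(default_factory=list)    # (line number, text) not understood

def review_script(text: str) -> Review:
    r = Review()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip()
        if not line.strip():
            continue
        cmd, _, arg = line.partition(" ")
        if cmd == "STRING":
            r.pending += arg            # keep the argument verbatim, spaces included
        elif cmd == "ENTER" and not arg:
            if r.pending:
                r.submitted.append(r.pending)
            r.pending = ""
        elif cmd == "DELAY" and arg.strip().isdigit():
            r.delay_ms += int(arg)
        elif cmd == "GUI" and arg.strip():
            r.combos.append(f"GUI {arg.strip()}")
        else:
            r.unknown.append((n, line.rstrip()))
    return r

# Constructed sample: the script this section builds up. The second DELAY
# value is an assumption; the page does not give one.
SAMPLE = """GUI SPACE
STRING terminal
ENTER
DELAY 2000
STRING whoami
DELAY 500
ENTER
"""

if __name__ == "__main__":
    print(review_script(SAMPLE))
```

Anything listed under `unknown` is a command this reviewer does not interpret and should be read by hand before the script is run.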



Now, to test it out in a real-world situation, connect your computer back to your regular Wi-Fi network so you can access the internet. With the WiFi Duck still plugged into your computer, go onto another device such as your smartphone, connect to the WiFi Duck's network, visit 192.168.4.1, then run any of your scripts. And this is where I'll leave you to play around.
